DESCRIPTION: Some vulnerabilities have been discovered in the DJ-Classifieds component for Joomla!, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system.

1) Input passed via the "description" parameter to index.php (when "option" is set to "com_djclassifieds" and "view" is set to "additem") is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

2) A vulnerability is caused due to the application improperly validating uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script with multiple extensions.

Successful exploitation of this vulnerability requires that Apache is not configured to handle the mime-type for files with e.g. a "pjpeg" extension.

The vulnerabilities are confirmed in version 0.9.1. Other versions may also be affected.
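One way to validate an image upload so that the multiple-extension case in item 2 is rejected, shown as an added example and not code from DJ-Classifieds or this advisory. The function name `safe_image_name`, the allowlist and the sample filenames are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not taken from DJ-Classifieds.
// Assumption: the upload field accepts only JPEG, PNG and GIF images.
const ALLOWED_IMAGE_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];

/**
 * Returns a server-chosen filename for an uploaded image, or null when
 * the upload must be rejected.
 */
function safe_image_name(string $clientName, string $tmpPath): ?string
{
    // Drop any directory part the client supplied.
    $base = basename(str_replace('\\', '/', $clientName));

    // Require exactly one dot: "name.ext". A name with several extensions
    // is refused outright instead of trusting only the last segment.
    $parts = explode('.', $base);
    if (count($parts) !== 2 || $parts[0] === '') {
        return null;
    }
    $ext = strtolower($parts[1]);
    if (!in_array($ext, ALLOWED_IMAGE_EXTENSIONS, true)) {
        return null;
    }

    // The content must parse as one of the permitted image types.
    $info = @getimagesize($tmpPath);
    $types = [IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_GIF];
    if ($info === false || !in_array($info[2], $types, true)) {
        return null;
    }

    // Store under a random name so the client-supplied name never
    // reaches the web root.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample input: a 1x1 GIF written to a temporary file.
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($tmp, base64_decode(
    'R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw=='
));
foreach (['photo.gif', 'photo.php.gif', 'photo.php.pjpeg', 'photo.php'] as $name) {
    $stored = safe_image_name($name, $tmp);
    echo str_pad($name, 18), $stored === null ? 'rejected' : "stored as $stored", "\n";
}
unlink($tmp);
```

Only `photo.gif` is accepted; the other three names are rejected before the content check is reached.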
